Bugzilla – Bug 1173578
VUL-0: CVE-2020-15389: openjpeg2: use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor
Last modified: 2022-06-10 09:39:32 UTC
CVE-2020-15389 jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15389 http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15389.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15389 https://github.com/uclouvain/openjpeg/issues/1261 https://pastebin.com/4sDKQ7U8
Tracked SLE15 and SLE12 as affected. The POC is attached. Reproduced it in Leap 15.1 and in TW. The patch is applied cleanly in both codestreams. To run the poc simply: opj_decompress -ImgDir Inputs/ -OutFor PGM
Created attachment 839262 [details] POC extract is needed
Done, reassigning to security-team.
SUSE-SU-2022:1129-1: An update that fixes 13 vulnerabilities is now available. Category: security (important) Bug References: 1102016,1106881,1106882,1140130,1140205,1162090,1173578,1180457,1184774,1197738,971617,980504 CVE References: CVE-2016-1924,CVE-2016-3183,CVE-2016-4797,CVE-2018-14423,CVE-2018-16375,CVE-2018-16376,CVE-2018-20845,CVE-2018-20846,CVE-2020-15389,CVE-2020-27823,CVE-2020-8112,CVE-2021-29338,CVE-2022-1122 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): openjpeg2-2.1.0-4.15.1 SUSE OpenStack Cloud Crowbar 8 (src): openjpeg2-2.1.0-4.15.1 SUSE OpenStack Cloud 9 (src): openjpeg2-2.1.0-4.15.1 SUSE OpenStack Cloud 8 (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP5 (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): openjpeg2-2.1.0-4.15.1 HPE Helion Openstack 8 (src): openjpeg2-2.1.0-4.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1252-1: An update that fixes 13 vulnerabilities is now available. Category: security (important) Bug References: 1076314,1076967,1079845,1102016,1106881,1106882,1140130,1160782,1162090,1173578,1180457,1184774,1197738 CVE References: CVE-2018-14423,CVE-2018-16375,CVE-2018-16376,CVE-2018-20845,CVE-2018-5727,CVE-2018-5785,CVE-2018-6616,CVE-2020-15389,CVE-2020-27823,CVE-2020-6851,CVE-2020-8112,CVE-2021-29338,CVE-2022-1122 JIRA References: Sources used: openSUSE Leap 15.4 (src): openjpeg2-2.3.0-150000.3.5.1 openSUSE Leap 15.3 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Manager Server 4.1 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Manager Retail Branch Server 4.1 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Manager Proxy 4.1 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Server for SAP 15 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Server 15-LTSS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Enterprise Storage 7 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE Enterprise Storage 6 (src): openjpeg2-2.3.0-150000.3.5.1 SUSE CaaS Platform 4.0 (src): openjpeg2-2.3.0-150000.3.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1296-1: An update that fixes 6 vulnerabilities is now available. Category: security (important) Bug References: 1102016,1106881,1162090,1173578,1180457,1184774 CVE References: CVE-2018-14423,CVE-2018-16376,CVE-2020-15389,CVE-2020-27823,CVE-2020-8112,CVE-2021-29338 JIRA References: Sources used: openSUSE Leap 15.4 (src): openjpeg-1.5.2-150000.4.5.1 openSUSE Leap 15.3 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Manager Server 4.1 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Manager Retail Branch Server 4.1 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Manager Proxy 4.1 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Server for SAP 15 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Server 15-LTSS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): openjpeg-1.5.2-150000.4.5.1 SUSE Enterprise Storage 7 (src): openjpeg-1.5.2-150000.4.5.1 SUSE Enterprise Storage 6 (src): openjpeg-1.5.2-150000.4.5.1 SUSE CaaS Platform 4.0 (src): openjpeg-1.5.2-150000.4.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.